Format: 1.8 Date: Mon, 29 Oct 2018 08:13:39 -0400 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: i386 Version: 7.47.0-1ubuntu2.11 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.47.0-1ubuntu2.11) xenial-security; urgency=medium . * SECURITY UPDATE: SASL password overflow via integer overflow - debian/patches/CVE-2018-16839-pre1.patch: prevent size overflows in lib/curl_sasl.c. - debian/patches/CVE-2018-16839-pre2.patch: fix integer overflow check in lib/curl_ntlm_core.c, lib/curl_setup.h, lib/curl_sasl.c. - debian/patches/CVE-2018-16839.patch: fix check in lib/curl_sasl.c. - CVE-2018-16839 * SECURITY UPDATE: warning message out-of-buffer read - debian/patches/oob-read.patch: fix bad arithmetic in src/tool_msgs.c. - CVE number pending Checksums-Sha1: 4263c03912f282de579906e79cd1b97f96b9df70 1084 curl-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 7b9564787ff3852e2107bca39bcf103dffad3b1e 141796 curl_7.47.0-1ubuntu2.11_i386.deb 84d2c2ca03f6717e51fc0bea5657930b8816ba14 3224958 libcurl3-dbg_7.47.0-1ubuntu2.11_i386.deb a6ba2ecaf15609ce7fc09caa6cc5ffc9b015e1e0 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 6f6cd2a162395014e1c8e5f7acb1c6469c14224f 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb fbaaf7d0b40b7af967960466ef284f590ff85d58 205546 libcurl3-gnutls_7.47.0-1ubuntu2.11_i386.deb 5830c26ef82e858106525ceb8056306b8d2dea87 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb f0d5b3999fa4ffcae88641bcec98c87416a770c7 211792 libcurl3-nss_7.47.0-1ubuntu2.11_i386.deb ea29a8f0e325b44ed170f327973e19314356ddab 208540 libcurl3_7.47.0-1ubuntu2.11_i386.deb f63df32e426b0b397e6ad369cd52e5c68d3c416b 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb c638207319228c491d410f09cc866e7360eca4bf 289244 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_i386.deb d109a38f238ab27c750e015599fec6280e9c5e8b 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 17eb6eabf44750958a90ee8feebda72fe2e77b48 295906 libcurl4-nss-dev_7.47.0-1ubuntu2.11_i386.deb 7544f18cdcf9973fd9c3f4e8b85cfb0b082ed771 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 0393bfe6076792c696f5b52f30e6533e8f956038 291792 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_i386.deb Checksums-Sha256: 2a4fabaaff4cee1b16fc793421006c2723d2c74a93854b174010282578e1bb53 1084 curl-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 46dd19582f2c4fb6375e097cb593e9a1061a277a9016d2799923d47982f16889 141796 curl_7.47.0-1ubuntu2.11_i386.deb 95cb64f35881e090034b41f10e47cb20cab65d2c0eaf44012d7dc0f97d07a333 3224958 libcurl3-dbg_7.47.0-1ubuntu2.11_i386.deb 83ae6e8e89018a8b167052e96212d7c319997b8028d3bf25975b39e7eb2dfab4 1204 libcurl3-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb fde67d6f3183509769d57b185fddb0f183635c0f5ac4feb1e64f82f706ed5be3 1208 libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 57bc4861a0eead3d31675d3fa4f373c8ada85e34ccde2cb26d5c106770b5053d 205546 libcurl3-gnutls_7.47.0-1ubuntu2.11_i386.deb d0c47bcca63a7dc94f64d9522735f8d1812d3f86a0a984d304bc6633722abac6 1206 libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb d58da59084bfcfc15e292957f4697390f3385abf14a4041634f906d50300ec91 211792 libcurl3-nss_7.47.0-1ubuntu2.11_i386.deb 26d11a727ee7a437fc823afefb521c972a18e10f34cddfb9d6a70bce05c7dcc5 208540 libcurl3_7.47.0-1ubuntu2.11_i386.deb 041b10afb82e4be6aeca776c4cb18465b9533e8ba9bd75c897a3d545f62ff8d0 1292 libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb b2a80685bdf44793b2fd531197b0c0968d82c5c215e77b82b23b0112a5c8fe01 289244 libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_i386.deb e1addb560dba9dd68f258d9592e5f6c3dce7beb5a38b5e37184a1e4869b98624 1288 libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 5ae67d3fc222e9d9b8b1ccf3260581eb88afe6a6b226585d405235b62540d004 295906 libcurl4-nss-dev_7.47.0-1ubuntu2.11_i386.deb fa17b48d2163f5b39ef484fc055cb9b7db6eecf42c27cbcca7c541a60882180d 1292 libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 1a0b81d00d722f8099f479770d18262b1abfed005aa90320d7373363d0c04f49 291792 libcurl4-openssl-dev_7.47.0-1ubuntu2.11_i386.deb Files: d60da0ee63d68d01e91c02baa8826145 1084 web extra curl-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb d83075dbd08fd01430b5e74b31d680b5 141796 web optional curl_7.47.0-1ubuntu2.11_i386.deb 8f6244608d08b5208ec670da268a2085 3224958 debug extra libcurl3-dbg_7.47.0-1ubuntu2.11_i386.deb 8f280816da181118c26447c5b1fcdd67 1204 libs extra libcurl3-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb d49b95672a5da11bf0bdde6004ded60a 1208 libs extra libcurl3-gnutls-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 79460b0ea012002aa2f28197eba6f3ac 205546 libs optional libcurl3-gnutls_7.47.0-1ubuntu2.11_i386.deb b57d683b3a4a41e3fc84a2f47fe5cccb 1206 libs extra libcurl3-nss-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb f01c1d1a3458703cfe38ae5f5c3cd86c 211792 libs optional libcurl3-nss_7.47.0-1ubuntu2.11_i386.deb 9c6b00b907bbb313ebdc627e7c00cb7b 208540 libs optional libcurl3_7.47.0-1ubuntu2.11_i386.deb 1abcb1e717f6f6eb1a770d6ad016faf8 1292 libdevel extra libcurl4-gnutls-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 156c4e468ff08cbc8318c0f0fc7e05a7 289244 libdevel optional libcurl4-gnutls-dev_7.47.0-1ubuntu2.11_i386.deb c0b0452acf67f2c9ffb5597bcb3ac91b 1288 libdevel extra libcurl4-nss-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb 622adfb8b6ad5b965cbd75c6f4f33b0d 295906 libdevel optional libcurl4-nss-dev_7.47.0-1ubuntu2.11_i386.deb 154fcee28e6d02ef45b56a652e1a292c 1292 libdevel extra libcurl4-openssl-dev-dbgsym_7.47.0-1ubuntu2.11_i386.ddeb e707b8d09d0004b620fe38b6e4d7a2e4 291792 libdevel optional libcurl4-openssl-dev_7.47.0-1ubuntu2.11_i386.deb Original-Maintainer: Alessandro Ghedini